Forward to DOMAIN/.pomerium/

Hi there,

What happened?

When I want to access my domain I am always forwarded to the Pomerium user dashboard on DOMAIN/.pomerium/ but when I add some other path to DOMAIN/path I am forwarded to the right content

What did you expect to happen?

I should be forwarded to the landing page of the proxied site.

How’d it happen?

  1. Ran https://www.DOMAIN
  2. Hit enter
  3. Saw pomerium user dashboard on DOMAIN/.pomerium/

What’s your environment like?

  • Pomerium version current version on docker compose
  • Server Operating System/Architecture/Cloud:
    ubuntu 22.04 server

What’s your config.yaml?

routes:
  - from: https://xyz.com
    to: http://localhost:3000
    policy:
      - allow:
          or:
            - domain:
                is: xyz
            - domain:
                is: xyz
    pass_identity_headers: true
1 Like
  1. is your IdP login working properly? are you able to authenticate - i.e. (/.pomerium shows you user info?)
  2. just to rule out IdP interference try to see if the route works with public_unauthenticated_access: true?
  3. we would need some logs; note that every response carries an x-request-id in the response header and that request ID is attached to the relevant Pomerium log lines.
  1. is your IdP login working properly? are you able to authenticate - i.e. (/.pomerium shows you user info?)

Yeah azure AD as IdP works fine, User Info is shown properly

  1. just to rule out IdP interference try to see if the route works with public_unauthenticated_access: true?

Pretty much the same behaviour. When I access the base domain it forwards to IdP-Provider and then forwards to pomerium dashboard.
When I access non base domaon path e.g. DOMAIN/docs it forwards directly to the in this case not protected site.

  1. we would need some logs; note that every response carries an x-request-id in the response header and that request ID is attached to the relevant Pomerium log lines.

this is the logs that I get on compose:
pomerium-pomerium-1 | {“level”:“info”,“service”:“envoy”,“upstream-cluster”:“pomerium-control-plane-http”,“method”:“GET”,“authority”:“DOMAIN”,“path”:“/”,“user-agent”:“Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36”,“referer”:“”,“forwarded-for”:“93.241.69.183”,“request-id”:“8eeeedcc-c9ae-4517-a3f7-58c8e267d7c3”,“duration”:0.896459,“size”:34,“response-code”:302,“response-code-details”:“via_upstream”,“time”:“2023-01-18T10:38:32Z”,“message”:“http-request”}
pomerium-pomerium-1 | {“level”:“info”,“service”:“envoy”,“upstream-cluster”:“pomerium-control-plane-http”,“method”:“GET”,“authority”:“DOMAIN”,“path”:“/.pomerium/”,“user-agent”:“Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36”,“referer”:“”,“forwarded-for”:“93.241.69.183”,“request-id”:“f047dca3-b935-4589-8f60-33408ff83942”,“duration”:12.001113,“size”:4320,“response-code”:200,“response-code-details”:“via_upstream”,“time”:“2023-01-18T10:38:32Z”,“message”:“http-request”}